The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.
The OCR continues to crack down on HIPAA breaches, but it also paused to take a look back at past incidents in two annual reports to Congress. The reports, which were released in May, summarize the reported 2011?2012 HIPAA breach and compliance activities as required by the HITECH Act. Although the data presented in the reports details the events from prior years, the causes of the breaches reported to and investigated by OCR are still relevant?and problematic?for healthcare organizations today.
CMS refined and updated its Comprehensive APC policy in the 2015 OPPS proposed rule released July 3, adding a new complexity adjustment factor. CMS also proposes significantly expanding the packaging of ancillary services. Additionally, the proposed rule includes a significant change to requirements related to inpatient physician certification.
When CMS releases rules, the length can be intimidating. But even at a relatively slim 700 pages, the 2015 OPPS proposed rule isn't able to include details on each of the changes CMS is planning. This is probably a good thing?otherwise the rules could be thousands of pages long. Updates like codes being moved around or status indicators changing often aren't described in full in the narrative text, necessitating a deeper look at the addenda CMS releases as Excel® files on its website.
